CISCO 870 and no internet :)


Pytzamarama

Posted

Hello!

I have a Cisco 870.

I set up its routing part correctly.

I can ping normally from the router.

On the PCs on the network I set the router as the gateway, but I have no internet.

What could be the cause?

How can I disable the firewall COMPLETELY?

Thanks in advance!!!

Posted

I assume you have DSL, right?

Have you configured PPP correctly?

Have you configured the dialer and ATM interfaces correctly?

Also, try a ping from your router to some external IP.

Finally, check whether you have set up your NAT correctly!

Posted

The firewall is off by default, or if you reset it to the defaults. b. If you haven't set up NAT, it makes sense that it doesn't work: some commands like ip nat inside and ip nat outside. Also, if these exist but you have changed the LAN IP on the router and haven't changed access-list 1 permit etc., you still won't have internet, and that is where my mind goes.

That is, by default it has

vlan1

ip address 10.10.10.1 255.255.255.0

In the access list it has access-list 1 permit 10.10.10.0 0.0.0.255

If the IP changes and you set e.g. 192.168.1.1 255.255.255.0

the access list must change to 192.168.1.0 0.0.0.255

I can't tell you how it's done from SDM; I know how it's done from the console and telnet.

Posted

May I ask a silly question? Not to bother you, it's just that the very simple things are the ones that trouble us and turn out to be at fault. Can the PCs ping the router's Ethernet?

Posted

Yes, I haven't looked into SDM much, and to tell the truth I don't want to deal with it much, because I do things faster from the CLI than from SDM. And the main thing is that you see the whole config and don't go through 10 tabs searching. And the unusual things are done only from the console, e.g. IOS update, password reset, rommon, etc.

Posted

I completely agree, my friend!

Besides, my first contact was with the CLI. That's where I learned... and let the others struggle with the web interface!! Ooops, we are a liiiittle off topic though!

Posted

SDM is OK too. CRWS is the horror. Fortunately, on some Ciscos that have a fair amount of memory you delete CRWS and install SDM. This is for those who don't know the CLI, although the deletion will be done from there.

Posted

You do a sho run and see exactly what you have set up. Anyway, I also have CRWS on my SOHO and I have NEVER used it...

Posted

The PCs don't ping....

The config is this :(

 

Current configuration : 11251 bytes

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname MYNAME

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 XXXXXXX

!

no aaa new-model

!

resource policy

!

clock timezone PCTime 2

clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00

ip subnet-zero

no ip source-route

ip cef

!

!

!

!

ip tcp synwait-time 10

no ip bootp server

ip domain name MYNAME.com

ip name-server 193.92.150.3

ip name-server 194.219

ip ssh time-out 60

ip ssh authentication-retries 2

ip inspect log drop-pkt

ip inspect name SDM_HIGH appfw SDM_HIGH

ip inspect name SDM_HIGH icmp

ip inspect name SDM_HIGH dns

ip inspect name SDM_HIGH esmtp

ip inspect name SDM_HIGH https

ip inspect name SDM_HIGH imap reset

ip inspect name SDM_HIGH pop3 reset

ip inspect name SDM_HIGH tcp

ip inspect name SDM_HIGH udp

ip inspect name SDM_LOW cuseeme

ip inspect name SDM_LOW dns

ip inspect name SDM_LOW ftp

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW https

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW imap

ip inspect name SDM_LOW pop3

ip inspect name SDM_LOW netshow

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW realaudio

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW esmtp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW streamworks

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW udp

ip inspect name SDM_LOW vdolive

!

appfw policy-name SDM_HIGH

application im aol

service default action reset alarm

service text-chat action reset alarm

server deny name login.oscar.aol.com

server deny name toc.oscar.aol.com

server deny name oam-d09a.blue.aol.com

audit-trail on

application im msn

service default action reset alarm

service text-chat action reset alarm

server deny name messenger.hotmail.com

server deny name gateway.messenger.hotmail.com

server deny name webmessenger.msn.com

audit-trail on

application http

strict-http action reset alarm

port-misuse im action

port-misuse p2p action reset alarm

port-misuse tunneling action reset alarm

application im yahoo

service default action reset alarm

service text-chat action reset alarm

server deny name scs.msg.yahoo.com

server deny name scsa.msg.yahoo.com

server deny name scsb.msg.yahoo.com

server deny name scsc.msg.yahoo.com

server deny name scsd.msg.yahoo.com

server deny name cs16.msg.dcn.yahoo.com

server deny name cs19.msg.dcn.yahoo.com

server deny name cs42.msg.dcn.yahoo.com

server deny name cs53.msg.dcn.yahoo.com

server deny name cs54.msg.dcn.yahoo.com

server deny name ads1.vip.scd.yahoo.com

server deny name radio1.launch.vip.dal.yahoo.com

server deny name in1.msg.vip.re2.yahoo.com

server deny name data1.my.vip.sc5.yahoo.com

server deny name address1.pim.vip.mud.yahoo.com

server deny name edit.messenger.yahoo.com

server deny name messenger.yahoo.com

server deny name http.pager.yahoo.com

server deny name privacy.yahoo.com

server deny na

server deny name csb.yahoo.com

server deny name csc.yahoo.com

audit-trail on

!

!

crypto pki trustpoint TP-self-signed-890684866

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-890684866

revocation-check none

rsakeypair TP-self-signed-890684866

!

!

crypto pki certificate chain TP-self-signed-890684866

certificate self-signed 01

quit

username XXXXXX privilege 15 secret 5 JJJJJJJ

!

!

class-map match-any sdm_p2p_kazaa

match protocol fasttrack

match protocol kazaa2

class-map match-any sdm_p2p_edonkey

match protocol edonkey

class-map match-any sdm_p2p_gnutella

match protocol gnutella

class-map match-any sdm_p2p_bittorrent

match protocol bittorrent

!

!

policy-map sdmappfwp2p_SDM_HIGH

class sdm_p2p_gnutella

drop

class sdm_p2p_bittorrent

drop

class sdm_p2p_edonkey

drop

class sdm_p2p_kazaa

drop

!

!

!

!

!

!

interface BRI0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation hdlc

ip route-cache flow

!

interface ATM0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.3 point-to-point

pvc 8/35

encapsulation aal5mux ppp

dialer pool-member 1

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 192.168.1.26 255.255.255.0

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

!

interface Dialer1

no ip address

shutdown

no cdp enable

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotia

ip access-group 105 in

ip inspect SDM_LOW out

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname [email protected]

ppp chap password 7 135C4E4B595C4A6465

ppp pap sent-username [email protected] password 7 ZZZZZZZ

004757

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 5 life 86400 requests 10000

!

logging trap debu

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 permit ip XXX.XX.XXX.0 0.0.0.255 any

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 deny ip host 255.255.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip any any

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 permit udp host 193.92.150.3 eq domain any

access-list 102 permit udp host 194.219.227.2 eq domain any

access-list 102 deny ip 192.168.1.0 0.0.0.255 any

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any time-exceeded

access-list 102 permit icmp any any unreachable

access-list 102 deny ip 10.0.0.0 0.255.255.255 any

access-list 102 deny ip 172.16.0.0 0.15.255.255 any

access-list 102 deny ip 192.168.0.0 0.0.255.255 any

access-list 102 deny ip 127.0.0.0 0.255.255.255 any

access-list 102 deny ip host 255.255.255.255 any

access-list 102 deny ip host 0.0.0.0 any

access-list 102 deny ip any any log

access-list 103 remark auto generated by SDM firewall configuration

access-list 103 remark SDM_ACL Category=1

access-list 103 permit udp host 193.92.150.3 eq domain any

access-list 103 permit udp host 194.219.227.2 eq domai

access-list 103 deny ip 192.168.1.0 0.0.0.255 any

access-list 103 permit icmp any any echo-reply

access-list 103 permit icmp any any time-exceeded

access-list 103 permit icmp any any unreachable

access-list 103 deny ip 10.0.0.0 0.255.255.255 any

access-list 103 deny ip 172.16.0.0 0.15.255.255 any

access-list 103 deny ip 192.168.0.0 0.0.255.255 any

access-list 103 deny ip 127.0.0.0 0.255.255.255 any

access-list 103 deny ip host 255.255.255.255 any

access-list 103 deny ip host 0.0.0.0 any

access-list 103 deny ip any any log

access-list 104 remark auto generated by SDM firewall configuration

access-list 104 remark SDM_ACL Category=1

access-list 104 permit udp host 193.92.150.3 eq domain any

access-list 104 permit udp host 194.219.227.2 eq domain any

access-list 104 deny ip 192.168.1.0 0.0.0.255 any

access-list 104 permit icmp any any echo-reply

access-list 104 permit icmp any any time-exceeded

access-list 104 permit icmp any any unreachable

access-list 104 deny ip 10.0.0.0 0.255.255.255 any

access-list 104 deny ip 172.16.0.0 0.15.255.255 any

access-list 104 deny ip 192.168.0.0 0.0.255.255 any

access-list 104 deny ip 127.0.0.0 0.255.255.255 any

access-list 104 deny ip host 255.255.255.255 any

access-list 104 deny ip host 0.0.0.0 any

access-list 104 deny ip any any log

access-list 105 remark auto generated by SDM firewall configuration

access-list 105 remark SDM_ACL Category=1

access-list 105 permit udp host 194.219.227.2 eq domain any

access-list 105 permit udp host 193.92.150.3 eq domai

access-list 105 deny ip 192.168.1.0 0.0.0.255 any

access-list 105 permit icmp any any echo-reply

access-list 105 permit icmp any any time-exceeded

access-list 105 permit icmp any any unreachable

access-list 105 deny ip 10.0.0.0 0.255.255.255 any

access-list 105 deny ip 172.16.0.0 0.15.255.255 any

access-list 105 deny ip 192.168.0.0 0.0.255.255 any

access-list 105 deny ip 127.0.0.0 0.255.255.255 any

access-list 105 deny ip host 255.255.255.255 any

access-list 105 deny ip host 0.0.0.0 any

access-list 105 deny ip any any log

dialer-list 1 protocol ip permit

no cdp run

!

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

Posted

Big config and lots of deny etc. But what I see is that you do have fake (private) IPs, yet I don't see any NAT at all, neither ip nat inside nor ip nat outside. A very big configuration anyway, and I wonder how much of it you need.

Posted

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.0

ip nat inside---------------------------

ip virtual-reassembly

ip tcp adjust-mss 1452

 

 

interface Dialer0

description *** ADSL Connection ***

ip address negotiated

ip nat outside-------------

ip virtual-reassembly

ip nat inside source list 101 interface Dialer0 overload ---------------

ip nat inside source route-map ADSL interface Dialer0 overload

 

 

Whatever I have marked with dashes is definitely missing

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

 

Things like these are missing
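
The two checks the replies describe (inside/outside NAT markings with an overload rule, and a NAT access list that matches the LAN subnet) can be run against a saved running-config. This is an added example, not part of the thread; the function names and the sample excerpt are constructed for illustration.

```python
import re
from ipaddress import ip_interface, ip_network

# Constructed excerpt modelled on the posted config: LAN on 192.168.1.0/24,
# ACL still on the default subnet, no NAT statements at all.
SAMPLE = """\
interface Vlan1
 ip address 192.168.1.26 255.255.255.0
interface Dialer0
 ip address negotiated
access-list 1 permit 10.10.10.0 0.0.0.255
"""

def parse(config):
    """Return (interfaces, acls, nat_rules) from running-config text."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif cur and (m := re.match(r"ip address (\d\S+) (\d\S+)", line)):
            cur["net"] = ip_interface(f"{m[1]}/{m[2]}").network
        elif cur and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"access-list (\d+) permit (?:ip )?(\d\S+) (\d\S+)", line):
            # Only the "subnet wildcard" form is handled; ip_network accepts
            # the IOS wildcard (host mask) directly.
            acls.setdefault(m[1], []).append(ip_network(f"{m[2]}/{m[3]}", strict=False))
    return ifaces, acls, rules

def nat_findings(config):
    """List the reasons LAN hosts would not be translated towards the WAN."""
    ifaces, acls, rules = parse(config)
    out = []
    inside = [n for n, i in ifaces.items() if i["nat"] == "inside"]
    outside = [n for n, i in ifaces.items() if i["nat"] == "outside"]
    for kw, names in (("inside", inside), ("outside", outside)):
        if not names:
            out.append(f"no interface has 'ip nat {kw}'")
    if not rules:
        out.append("no 'ip nat inside source list ... overload' rule")
    for acl, wan in rules:
        if wan not in outside:
            out.append(f"NAT rule uses {wan}, which is not 'ip nat outside'")
        for name in inside:
            net = ifaces[name]["net"]
            if net and not any(net.subnet_of(a) for a in acls.get(acl, [])):
                out.append(f"access-list {acl} does not permit {net} ({name})")
    return out
```

An empty list from `nat_findings` means the inside and outside markings, the overload rule and the ACL subnet are consistent; it does not say anything about PPP or the inspection rules.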
